package com.it1997.it1997admin.configuration;

import com.it1997.it1997admin.handler.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class BrowserSecurityConfigure extends WebSecurityConfigurerAdapter {
    //任何人都可以访问
    private static final String[] AUTH_WHITELIST = {
            // -- swagger ui
            "/swagger-resources/**",
            "/swagger-ui.html",
            "/v2/api-docs",
            "/webjars/**",
            "/favicon.ico",
            "/loginPage",
            "/indexPage",
            "/error404",
            "/error",
            "/adminListPage",
            "/roleListPage",
            "/permissionListPage",
            "/userAddPage",
            "/userEditPage",
            "/roleAddPage",
            "/roleEditPage",
            "/extractPage",
            "/monitorPage",
            "/monitorScreenPage",
            "/admin/getCaptcha",
            "/getRoleById",
            "/getAllPermission",
            "/getLinuxServer",
            "/connServer",
            "/execCmd"
    };
    //需要登录后才可以访问
    private static final String [] AUTH_LOGIN={
            "/admin/getUserInfo",
            "/admin/getAdminById",
            "/getAllRolesList",
            "/getMenu",
            "/getUserDetails",
            "/extractData"
    };
    @Autowired
    private MyUserDetailService userDetailService;
    @Autowired
    private FailureAuthenticationHandler failureAuthenticationHandler;
    @Autowired
    private SuccessAuthenticationHandler successAuthenticationHandler;
    @Autowired
    private JWTAuthenticationFilter jwtAuthenticationFilter;
    @Autowired
    private MyAuthenticationProvide authenticationProvide;
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/layuimini/**");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 1. 设置请求权限
        http.csrf().disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .formLogin()
                .loginPage("/loginPage")
                .failureHandler(failureAuthenticationHandler)
                .successHandler(successAuthenticationHandler)
                .and()
                .authorizeRequests()
                .antMatchers(AUTH_WHITELIST).permitAll()//所有人都可以访问
                .antMatchers(AUTH_LOGIN).authenticated()
                .antMatchers("/**").authenticated()
                .antMatchers("/**")
                .access("@rbacPermission.hasPermission(request,authentication)")
                .and()
                .exceptionHandling()
                .accessDeniedPage("/error403")
                .and()
                .headers().frameOptions().disable()
                .and()
                .addFilterBefore(new JWTLoginFilter(authenticationProvide), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
                ;
}
}
